
proper IIS 6 configuration for forms authentication

I'm using Forms Authentication in my current ASP.NET Web Application (not MVC) and my IIS 6 server is configured with the following options:

in the [directory security tab] -> [Authentication Methods] I have:

  • the anonymous access Enabled
  • Integrated windows authentication Enabled

Do the above options prevent Forms Authentication from working properly? In other words, what is the proper IIS 6 configuration for Forms Authentication?

EDIT

I just made a test with the two options above enabled and the Forms Authentication session expired and redirected me to the login page, but all the answers so far advise that [Integrated windows authentication] should be off!


Here is a check list for using ASP.NET Forms Authentication on IIS6

Configure IIS:

In IIS, Site Properties -> Directory Security -> Authentication and Access Control

  • Enable Anonymous Access
  • Disable all Authenticated access methods


Configure Forms Authentication:

Configure Forms Authentication in your site's web.config:

<authentication mode="Forms">
  <forms name="MySite" 
         path="/" 
         loginUrl="~/logon.aspx" 
         protection="All" 
         timeout="30"
         slidingExpiration="true" />
</authentication>

Your name and loginUrl may vary. The slidingExpiration attribute is used to keep extending the forms authentication cookie lifetime rather than just kicking the user off of the site after the timeout has expired. The timeout value is in minutes.

Configure Session Timeout:

You need to configure your session state timeout to be longer than your Forms Authentication ticket expiry. If you don't do this then an idle session can time out the session but leave the user logged in. Code that expects Session values to be present will throw exceptions because they are gone even though they are still authenticated. The timeout value is also in minutes.

<sessionState mode="InProc" timeout="40" />
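The web.config half of the checklist above can be checked mechanically. The following is an added example, not code from the original answers: a small Python audit that reads a web.config and reports when the authentication mode is not Forms, when ticket protection is weaker than "All", or when the session timeout is not longer than the forms ticket timeout. The function name, the sample configs and the use of ASP.NET's defaults for omitted attributes (mode Windows, protection All, forms timeout 30 minutes, session timeout 20 minutes) are assumptions of this example; the IIS directory security settings are not covered.

```python
import xml.etree.ElementTree as ET

# ASP.NET defaults that apply when an element or attribute is omitted.
DEFAULTS = {"mode": "Windows", "protection": "All", "forms_timeout": 30, "session_timeout": 20}

# The answer's settings, wrapped in a minimal web.config (constructed sample).
PAGE_CONFIG = """<configuration><system.web>
  <authentication mode="Forms">
    <forms name="MySite" path="/" loginUrl="~/logon.aspx" protection="All"
           timeout="30" slidingExpiration="true" />
  </authentication>
  <sessionState mode="InProc" timeout="40" />
</system.web></configuration>"""

# Constructed sample: ticket protection off, session timeout left at its default.
WEAK_CONFIG = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/logon.aspx" protection="None" timeout="30" />
  </authentication>
</system.web></configuration>"""


def audit_web_config(xml_text):
    """Return findings for the Forms Authentication checklist (empty list = pass)."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # tolerate an xmlns on <configuration>
        el.tag = el.tag.split("}", 1)[-1]
    auth = root.find("system.web/authentication")
    mode = auth.get("mode", DEFAULTS["mode"]) if auth is not None else DEFAULTS["mode"]
    if mode != "Forms":
        return [f"authentication mode is {mode!r}, not 'Forms'"]
    forms = auth.find("forms")
    attrs = forms.attrib if forms is not None else {}
    findings = []
    protection = attrs.get("protection", DEFAULTS["protection"])
    if protection != "All":
        findings.append(f"forms protection is {protection!r}; 'All' both encrypts and validates the ticket")
    forms_timeout = int(attrs.get("timeout", DEFAULTS["forms_timeout"]))
    session = root.find("system.web/sessionState")
    session_timeout = (int(session.get("timeout", DEFAULTS["session_timeout"]))
                       if session is not None else DEFAULTS["session_timeout"])
    if session_timeout <= forms_timeout:
        findings.append(f"sessionState timeout ({session_timeout} min) is not longer than "
                        f"the forms ticket timeout ({forms_timeout} min)")
    return findings


if __name__ == "__main__":
    for name, cfg in (("page config", PAGE_CONFIG), ("weak config", WEAK_CONFIG)):
        print(name, "->", audit_web_config(cfg) or "OK")
```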


Because forms authentication does not rely on IIS authentication, you should configure anonymous access for your application in IIS if you intend to use forms authentication in your ASP.NET application.

See here http://msdn.microsoft.com/en-us/library/ff647070.aspx for more information.


The anonymous access should be enabled, I don't think integrated windows authentication makes a difference but if you're not going to need it then it's best to turn it off. The important thing to remember is to make sure it's turned on in web.config:

<authentication mode="Forms" />

Here's a basic tutorial that might be useful:

Overview of Forms Authentication


Anonymous access -> checked
All other options on the security tab -> unchecked

Note, forms authentication is done by .NET - not by IIS. Also, Windows Authentication MUST be off as well.

Rather technical explanations by MS.
